Snippet: Australia and New Zealand seem to have become prime targets for cybercriminals over the past few months. As a target, Australia is under the top 10 in the world for phishing, malware, and fraud. According to Symantec strategist Mark Shaw, 108 cybercrime attacks occur in New Zealand every day; during 2015, the country’s global rank rose in five out of six threat categories: spam, phishing hosts, bots, network attacks, and web attacks. It also had the eighth-highest proportion of global phishing traffic.

Australia and New Zealand seem to have become prime targets for cybercriminals over the past few months. As a target, Australia is under the top 10 in the world for phishing, malware, and fraud. According to Symantec strategist Mark Shaw, 108 cybercrime attacks occur in New Zealand every day; during 2015, the country’s global rank rose in five out of six threat categories: spam, phishing hosts, bots, network attacks, and web attacks. It also had the eighth-highest proportion of global phishing traffic. More than 856,000 New Zealanders are estimated to have been affected by cybercrime last year, at a cost of 257 million New Zealand dollars (186 million US dollars) to the economy.

Australia and New Zealand were also two of the countries hit hardest by the Android/Spy.Agent.SI attack early in March. This malware, which simply shrugged off its victims’ SMS-based 2FA, targeted online banking users at Westpac, Bendigo Bank, ANZ Bank, the Bank of New Zealand, and Kiwibank, among others. Another attack that has wrought havoc in the area is Marcher, which was aimed at seven Australian banks as well as PayPal accounts.

In an attempt to improve the situation, the New Zealand government announced on 5 May that they have allocated 22.2 million New Zealand dollars (16 million US dollars) of funding to fight cybercrime over the next four years. Australia, in turn, will be spending 230 million Australian dollars (175 million US dollars) during the same period in a cybersecurity initiative that will include the employment of 100 IT experts to liaise between government and business. However, Greg Austin, visiting professor at the Australian Centre for Cyber Security, laments that these initiatives are not accompanied by an appropriate sense of crisis: “There is a lack of urgency, and the rhetoric is very different to other key markets.” An example of these is the US, which declared a national emergency in cyber space in April.

Inadequate cybersecurity legislation is indeed something for which both Australia and New Zealand have come under fire. Simon Falconer, managing director of New Zealand IT firm Resolve, says the “hush-hush attitudes of professional services firms and their IT providers” are contributing to the “tidal wave of cyberattacks” that continue to devastate New Zealand businesses. Leon Fouche, head of cybersecurity at Australian auditing firm BDO, says that “government should take leadership in defining cybersecurity guidelines and cybersecurity health check tool kits, so organisations can assess their cyber risks and the actions they need to take to make them more prepared”.

While there have already been some steps in the right direction, the introduction of multi-factor authentication to protect government, company, and consumer data would undoubtedly contribute to a safer online and mobile environment. Unfortunately, Australia’s new Cybersecurity Strategy, issued on 21 April, makes no mention of 2FA – or any kind of authentication – and does not say what it means by the “strong cyber security” it encourages.

At the moment, most banks in the region offer only SMS OTP as a second factor of authentication for online banking, and this is often accompanied by cumbersome measures such as challenge questions or security tokens. These methods have been proved to be inefficient against creative cybercrime tactics, and will therefore not protect personal information in the long run. If banks do not take the lead in strengthening authentication, Australia and New Zealand will remain prime fraud targets in all industries.

Subscribe to our blog.


Jolette Roodt

WRITER/ANALYST

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.